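/**
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements. See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.activemq.security;

import java.security.Principal;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;

import org.apache.activemq.command.ActiveMQDestination;

/**
 * Used to cache up authorizations so that subsequent requests are faster.
 * <p>
 * A context holds the user name it was created with, the principals supplied
 * by the concrete subclass through {@link #getPrincipals()}, and two
 * per-context maps of destinations: one for reads and one for writes.
 * <p>
 * NOTE(review): nothing in this class expires or clears the two destination
 * maps. If permissions can change while a context is alive, the code that
 * fills the maps must also invalidate them; otherwise a revoked permission
 * would keep being honoured from the cache. Confirm against the callers.
 */
public abstract class SecurityContext {

    /**
     * Context created with the user name {@code "ActiveMQBroker"}. It reports
     * {@link #isBrokerContext()} as {@code true} and holds no principals.
     * <p>
     * NOTE(review): presumably this stands for the broker's own identity and
     * callers relax authorization checks for it. If so, it must never be
     * attached to a client connection. Confirm against the callers.
     */
    public static final SecurityContext BROKER_SECURITY_CONTEXT = new SecurityContext("ActiveMQBroker") {
        @Override
        public boolean isBrokerContext() {
            return true;
        }

        @Override
        public Set<Principal> getPrincipals() {
            return Collections.emptySet();
        }
    };

    // User name given to the constructor; never reassigned.
    final String userName;

    // Destinations recorded for reading and for writing. Both maps are handed
    // out live by the getters below, so any holder of this context can add to
    // them. Presumably each destination is mapped to itself, using the map as
    // a concurrent set (confirm against the code that populates them).
    final ConcurrentMap<ActiveMQDestination, ActiveMQDestination> authorizedReadDests = new ConcurrentHashMap<ActiveMQDestination, ActiveMQDestination>();
    final ConcurrentMap<ActiveMQDestination, ActiveMQDestination> authorizedWriteDests = new ConcurrentHashMap<ActiveMQDestination, ActiveMQDestination>();

    /**
     * Creates a context for the given user name.
     *
     * @param userName name later returned by {@link #getUserName()}; stored
     *        as given, without validation
     */
    public SecurityContext(String userName) {
        this.userName = userName;
    }

    /**
     * Tests whether this context holds at least one of the given principals.
     * <p>
     * Every allowed principal is compared with every held principal using
     * {@code allowed.equals(held)}, in that direction. The check fails
     * closed: a {@code null} allowed set, a {@code null} result from
     * {@link #getPrincipals()} or a {@code null} entry in the allowed set
     * never matches, and the method returns {@code false} for them instead of
     * throwing {@link NullPointerException} in the middle of an authorization
     * decision.
     *
     * @param allowedPrincipals principals that grant access; may be
     *        {@code null} or empty, in which case nothing matches
     * @return {@code true} if any allowed principal equals a principal of
     *         this context, {@code false} otherwise
     */
    public boolean isInOneOf(Set<?> allowedPrincipals) {
        if (allowedPrincipals == null) {
            return false;
        }
        Set<Principal> heldPrincipals = getPrincipals();
        if (heldPrincipals == null) {
            return false;
        }
        // Iterate over a private copy so that a subclass returning a live set
        // cannot change it underneath the loops.
        Set<Object> userPrincipals = new HashSet<Object>(heldPrincipals);
        // Deliberately a pairwise equals() scan and not
        // userPrincipals.contains(): a hash lookup would also require
        // matching hashCode() values, which could change the outcome for
        // principal classes whose equals() accepts other types.
        for (Object allowedPrincipal : allowedPrincipals) {
            if (allowedPrincipal == null) {
                // A null entry can never identify a user; skip it.
                continue;
            }
            for (Object userPrincipal : userPrincipals) {
                if (allowedPrincipal.equals(userPrincipal)) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Returns the principals this context holds, as supplied by the subclass.
     *
     * @return the principal set that {@link #isInOneOf(Set)} matches against
     */
    public abstract Set<Principal> getPrincipals();

    /**
     * Returns the user name given to the constructor.
     *
     * @return the user name, exactly as it was passed in
     */
    public String getUserName() {
        return userName;
    }

    /**
     * Returns the map of destinations recorded for reading.
     *
     * @return the live map, not a copy; changes made by the caller are
     *         visible to every other user of this context
     */
    public ConcurrentMap<ActiveMQDestination, ActiveMQDestination> getAuthorizedReadDests() {
        return authorizedReadDests;
    }

    /**
     * Returns the map of destinations recorded for writing.
     *
     * @return the live map, not a copy; changes made by the caller are
     *         visible to every other user of this context
     */
    public ConcurrentMap<ActiveMQDestination, ActiveMQDestination> getAuthorizedWriteDests() {
        return authorizedWriteDests;
    }

    /**
     * Tells whether this is the broker's own context.
     *
     * @return {@code false} here; {@link #BROKER_SECURITY_CONTEXT} overrides
     *         this to return {@code true}
     */
    public boolean isBrokerContext() {
        return false;
    }
}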